[FC4] Recent selinux update breaks spamassassin?

D. D. Brierton darren at dzr-web.com
Wed Oct 19 10:29:01 UTC 2005 

I've just been searching through bugzilla but I can't find this reported
yet. Yesterday I upgraded to the latest versions of selinux-policy-*
from updates-released:

selinux-policy-strict-1.27.1-2.6
selinux-policy-strict-sources-1.27.1-2.6
selinux-policy-targeted-1.27.1-2.6
selinux-policy-targeted-sources-1.27.1-2.6

Since then spam filtering has stopped working. My spamassassin is as
follows: fetchmail pulls mail from various POP3 servers and delivers it
to a locally running postfix. My ~/.forward file is:

"|IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #darren"

and the first line of my ~/.procmailrc is:

INCLUDERC=/etc/mail/spamassassin/spamassassin-spamc.rc

This has worked very well for me for a long time now. However since
yesterday's update it no longer is. I am seeing messages
in /var/log/audit/audit.log like this:

type=AVC msg=audit(1129716919.493:40): avc:  denied  { search } for
pid=3333 comm="procmail" name="mail" dev=hda3 ino=1890406
scontext=system_u:system_r:postfix_local_t
tcontext=system_u:object_r:etc_mail_t tclass=dir
type=SYSCALL msg=audit(1129716919.493:40): arch=40000003 syscall=195
success=no
exit=-13 a0=8f22a96 a1=bf93a114 a2=9b7ff4 a3=8f20d3a items=1 pid=3333
auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500
sgid=500 fsgid=500 comm="procmail" exe="/usr/bin/procmail"
type=CWD msg=audit(1129716919.493:40):  cwd="/home/darren"
type=PATH msg=audit(1129716919.493:40): item=0
name="/etc/mail/spamassassin/spamassassin-spamc.rc" flags=1
inode=1890406 dev=03:03 mode=040755 ouid=0 ogid=0 rdev=00:00

Unfortunately I do not grok audit.log's messages, but this seems to me
to be saying that selinux is denying procmail from piping my mail though
spamd with spamc.

Is anyone else seeing this?

TIA.

Best, D

-- 
=====================================================================
D. D. Brierton            darren at dzr-web.com          www.dzr-web.com
       Trying is the first step towards failure (Homer Simpson)
=====================================================================

More information about the fedora-list mailing list